How To Have The Wisdom Of Experts Woven Into Your Code

October 14, 2024 Nicholas DeLessio

No matter how far you are down the road with your DevOps automation journey, or even if you’re not yet starting that journey, it’s probably a good idea to have a code checker; not everyone can have a Linus Torvalds review their work (as famously happens with the open source Linux kernel), but there are automation tools available for various languages and platforms that do static code analysis and they are the next best thing.

These tools, sometimes called “code linters” (because they remove the fuzzy bits out of application logic like actual linters remove imperfections stuck to our clothing), snap into integrated development environments and are commonly used with Windows Server, Linux, and other platforms and are becoming more common with the IBM i platform. Linters encapsulate the best practices for application development in any particular language, and help your programmers adhere to those guidelines and therefore create better code.

IBM has released a linter for the VS Code IDE that works with SQL and ILE RPG, but that code checker is (oddly enough) not compatible with IBM’s own Rational Developer for i IDE, and it doesn’t work for older versions of the RPG programming language. SonarSource has a code checker called SonarQube that plugs into various IDEs, and it has support for C++, Java, and a few other languages, but if you want support for RPG, you have to buy the enterprise version of its tool. But more importantly, if you use SonarQube for RPG, it is far more limited in its rule set; it only has a very preset, predetermined number of rules that you must follow, and those rules are all hard-stop errors. And importantly, none of the code checkers that are available in the broader market can handle the fixed form RPG, which is still the most common in the IBM i customer base. The code checker that IBM has created for VS Code requires applications to be fully free form, for instance.

Six years ago, ARCAD Software introduced CodeChecker, its version of a linter for RPG applications, and there are several things that are interesting about it. First of all, it is focused on the IBM i platform and all manner of RPG applications as well as SQL and CL applications. And to be specific, all strains of RPG, way back to RPG-III and RPG-IV, are covered by CodeChecker. Moreover, CodeChecker can snap into RDi or VS Code and integrates with version control systems and standard Git repositories such as GitHub, GitLab and BitBucket. And finally – and importantly for IBM i shops – who are only dipping their toes into DevOps, it is a free-standing tool that is not dependent on anything else in the ARCAD application development toolchain.

So what does CodeChecker actually do? Well, it is like having Barbara Morris or Jim Buck looking over your shoulder as you code. (The tool was developed using code from ARCAD customers as well as with input from Jim Buck, so it is a bit like having him with you in the same room.) It looks at your new and existing code and it finds things that that are bad, such as, code doesn’t have comments or the code is too nested, making it too deep and too complicated. Or, CodeChecker finds security exposures, such as where data passes in SQL statements, which can be a security risk. Or you have code that uses old style calls, which can be hacked. Maybe you are not checking the parameters on the calls so that can be exposed as a vulnerability. CodeChecker can reject code if it doesn’t meet those criteria, and if you try to commit bad code, it will reject it and make you go back and fix it. It therefore enforces good coding, right through the development cycle.

CodeChecker comes with a lot of rules embedded inside of it, but it also allows for custom rules to be added. For example, your company might need a specific comment or a copyright notice inside the program. But perhaps more importantly for customers who have an old application estate with a mix of vintages of RPG, CodeChecker has what is called “delta mode” that allows CodeChecker to ignore rules that old code breaks; a useful feature for companies who are modernizing that code step by step. ARCAD realizes you cannot fix everything all at once. Having monolithic code for applications is still pretty common in the IBM i base, even after decades of the microservices approach being in the market.

The IBM i platform has been around in some form for more than five decades, and code linters have been around for over four decades and are commonly used – almost universally used – with other languages on other platforms. This is just one of the places where IBM i hasn’t so far attained this same capability. But with new programmers coming into the IBM i fold and in-house expertise retiring, perhaps now is a good time for you to think about automating the quality of the code that encapsulates your business and drives it.

And if you already have SonarQube, by the way, CodeChecker can output reports to it so your application development team can have one global view of the entire codebase – the perfect opportunity to enforce consistent, modern, code quality rules so that RPG applications meet the same level of code quality as other languages in your portfolio.

Nicholas DeLessio is a DevOps consultant for ARCAD Software.

This content is sponsored by ARCAD Software.

This Issue Sponsored By

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search